The list was put together by SplashData, a company that provides various password management utilities such as TeamsID and Gpass. The company said it compiled the list by analyzing over five million user records leaked online in 2017 and that also contained password information.

"Use of any of the passwords on this list would put users at grave risk for identity theft," said a SplashData spokesperson in a press release that accompanied a two-page PDF document containing a list of the most encountered passwords. This is because attackers use these same leaked records to build similar lists of leaked passwords, which they then assemble as "dictionaries" for carrying out account brute-force attacks.

Attackers will use the leaked terms, but they'll also create common variations on these words using simple algorithms. This means that by adding "1" or any other character combinations at the start or end of basic terms, users aren't improving the security of their password.

Advising users on best password policies is a doctoral paper in its own right, but for the time being, users should look into using unique passwords per account, possibly employing a password manager, using more complex passwords, and above all, staying away from the terms below.